feat: 可查看全局被限制的ip 并且可以解锁 (#11394)

Co-authored-by: feng <1304903146@qq.com>

apps/settings/api/__init__.py

@@ -3,6 +3,7 @@ from .email import *
 from .feishu import *
 from .ldap import *
 from .public import *
+from .security import *
 from .settings import *
 from .sms import *
 from .vault import *

apps/settings/api/security.py

@@ -0,0 +1,60 @@
+from uuid import uuid4
+
+from django.conf import settings
+from django.core.cache import cache
+from rest_framework.generics import ListAPIView, CreateAPIView
+from rest_framework.views import Response
+
+from users.utils import LoginIpBlockUtil
+from ..serializers import SecurityBlockIPSerializer
+
+
+class BlockIPSecurityAPI(ListAPIView):
+    serializer_class = SecurityBlockIPSerializer
+    rbac_perms = {
+        'GET': 'settings.change_security',
+        'unlock': 'settings.change_security',
+    }
+
+    @staticmethod
+    def get_ips():
+        ips = []
+        prefix = LoginIpBlockUtil.BLOCK_KEY_TMPL.replace('{}', '')
+        keys = cache.keys(f'{prefix}*')
+        for key in keys:
+            ips.append(key.replace(prefix, ''))
+
+        white_list = settings.SECURITY_LOGIN_IP_WHITE_LIST
+        ips = list(set(ips) - set(white_list))
+        ips = settings.SECURITY_LOGIN_IP_BLACK_LIST
+        ips = [ip for ip in ips if ip != '*']
+        return ips
+
+    def get_page_offset_and_limit(self):
+        get_params = self.request.GET
+        offset = get_params.get('offset', 0)
+        limit = get_params.get('limit', 15)
+        return int(offset), int(limit)
+
+    def list(self, request, *args, **kwargs):
+        ips = self.get_ips()
+        offset, limit = self.get_page_offset_and_limit()
+        slice_ips = ips[offset:offset + limit]
+        data = [{'id': str(uuid4()), 'ip': ip} for ip in slice_ips]
+        ser = self.get_serializer(data, many=True)
+        data = {'count': len(ips), 'results': ser.data}
+        return Response(data=data, status=200)
+
+
+class UnlockIPSecurityAPI(CreateAPIView):
+    serializer_class = SecurityBlockIPSerializer
+    rbac_perms = {
+        'POST': 'settings.change_security',
+    }
+
+    def create(self, request, *args, **kwargs):
+        ips = request.data.get('ips')
+        prefix = LoginIpBlockUtil.BLOCK_KEY_TMPL.replace('{}', '')
+        for ip in ips:
+            LoginIpBlockUtil(f'{prefix}{ip}').clean_block_if_need()
+        return Response(status=200)

apps/settings/serializers/security.py

@@ -7,6 +7,7 @@ __all__ = [
     'SecurityPasswordRuleSerializer', 'SecuritySessionSerializer',
     'SecurityAuthSerializer', 'SecuritySettingSerializer',
     'SecurityLoginLimitSerializer', 'SecurityBasicSerializer',
+    'SecurityBlockIPSerializer'
 ]
 
 
@@ -225,3 +226,8 @@ class SecuritySettingSerializer(
     SecurityLoginLimitSerializer,
 ):
     PREFIX_TITLE = _('Security')
+
+
+class SecurityBlockIPSerializer(serializers.Serializer):
+    id = serializers.UUIDField(required=False)
+    ip = serializers.CharField(max_length=1024, required=False, allow_blank=True)

apps/settings/urls/api_urls.py

@@ -20,6 +20,8 @@ urlpatterns = [
     path('sms/backend/', api.SMSBackendAPI.as_view(), name='sms-backend'),
     path('vault/testing/', api.VaultTestingAPI.as_view(), name='vault-testing'),
     path('vault/sync/', api.VaultSyncDataAPI.as_view(), name='vault-sync'),
+    path('security/block-ip/', api.BlockIPSecurityAPI.as_view(), name='block-ip'),
+    path('security/unlock-ip/', api.UnlockIPSecurityAPI.as_view(), name='unlock-ip'),
 
     path('setting/', api.SettingsApi.as_view(), name='settings-setting'),
     path('logo/', api.SettingsLogoApi.as_view(), name='settings-logo'),